Filtered by vendor Sap
Subscribe
Total
1491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9264 | 1 Sap | 1 Sql Anywhere | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | |||||
| CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||||
| CVE-2016-1928 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. | |||||
| CVE-2016-2386 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | |||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | |||||
| CVE-2015-2282 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | |||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2025-04-12 | 6.5 MEDIUM | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
| SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | |||||
| CVE-2015-6507 | 1 Sap | 1 Hana | 2025-04-12 | 7.2 HIGH | N/A |
| The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. | |||||
| CVE-2016-2389 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | |||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2025-04-12 | 6.8 MEDIUM | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-8030 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | N/A |
| SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | |||||
| CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | 3.5 LOW | N/A |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | |||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | 3.5 LOW | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||